Total: 12 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-7046 | | | 2025-03-20 | N/A | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the `/api/v1/auths/admin/details` interface to retrieve the first admin (owner) details.
CVE-2024-12390 | | | 2025-03-20 | N/A | A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.
CVE-2024-10569 | | | 2025-03-20 | N/A | A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses `pd.read_csv` to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
CVE-2023-52533 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-03-13 | 5.3 Medium | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure with no additional execution privileges needed.
CVE-2023-2253 | 1 Redhat | 5 Openshift, Openshift Api Data Protection, Openshift Api For Data Protection and 2 more | 2025-01-07 | 6.5 Medium | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
CVE-2024-3099 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 5.4 Medium | A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.
CVE-2024-20380 | | | 2024-11-21 | 7.5 High | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CVE-2023-4875 | 3 Debian, Mutt, Redhat | 3 Debian Linux, Mutt, Enterprise Linux | 2024-11-21 | 2.2 Low | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12.
CVE-2023-4874 | 3 Debian, Mutt, Redhat | 3 Debian Linux, Mutt, Enterprise Linux | 2024-11-21 | 4.3 Medium | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12.
CVE-2022-2598 | 2 Debian, Vim | 2 Debian Linux, Vim | 2024-11-21 | 6.5 Medium | Out-of-bounds write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2022-29207 | 1 Google | 1 Tensorflow | 2024-11-21 | 5.5 Medium | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside the TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 7.5 High | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory, allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12 and MongoDB Server v4.2 versions prior to 4.2.9.